Disclosure of Invention
Embodiments of the present invention provide a connection method, a server, a client, and a storage medium for a virtual private network, which are convenient for increasing the number of VPN servers, increasing the success rate of accessing the VPN servers, and improving the quality of a network connected to the VPN servers.
In order to solve the above technical problem, an embodiment of the present invention provides a connection method for a virtual private network, which is applied to a registration server, and includes: receiving a connection request sent by a Virtual Private Network (VPN) client, wherein the connection request is used for requesting to connect a VPN server; returning the connection information of the available VPN service end and a network quality detection strategy to the VPN client, wherein the network quality detection strategy is a strategy for detecting the network quality of the available VPN service end; and the VPN client selects a VPN server to be connected for connection according to the network quality detection strategy.
The embodiment of the invention also provides a connection method of the virtual private network, which is applied to the client and comprises the following steps: sending a connection request to a registration server; receiving connection information of an available VPN server and a network quality detection strategy returned by the server, wherein the network quality detection strategy is a strategy for detecting the network quality of the available VPN server; and selecting a VPN server to be connected for connection according to a network quality detection strategy.
An embodiment of the present invention further provides a server, including: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the above-described method of connecting to a virtual private network on a registry server.
An embodiment of the present invention further provides a client, including: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the above-described method for connecting to a virtual private network applied to a client.
Embodiments of the present invention also provide a computer-readable storage medium storing a computer program, which when executed by a processor implements the method for connecting to a virtual private network of a registration server or the method for connecting to a virtual private network of a client.
Compared with the prior art, the embodiment of the invention has the advantages that the registration server returns the connection information of the available VPN server to the VPN client after receiving the connection request sent by the VPN client, and the connection information of the available VPN server is provided by the registration server instead of the configuration information in the client configuration file, so that the VPN client does not need to be updated even if IP addresses of available VPN servers are added, and the applicability of the VPN client is improved; in addition, the VPN client can select a VPN server to be connected according to a network quality detection strategy, and the network quality of the available VPN server can be determined through the network quality detection strategy, so that the selected VPN server can provide better network quality, the success rate of the VPN client accessing the VPN server is increased, and the network quality of the connection to the VPN server is improved.
In addition, before returning the connection information of the available VPN server and the network quality detection policy to the VPN client, the connection method of the virtual private network further includes: according to the stored registration information of the registered VPN servers, selecting the registered VPN server matched with the VPN client as an available VPN server, wherein the registration information of a registered VPN server includes: the port number of the registered VPN server, the IP address of the registered VPN server and the operation protocol type of the registered VPN server, and the connection information of the available VPN server includes the IP address of the available VPN server. The registration server stores the registration information of the registered VPN servers, so that the information of each registered VPN server can be obtained through the registration server, which makes it convenient to increase the number of registered VPN servers; selecting the registered VPN server matched with the connection request as an available VPN server further improves the success rate of the VPN client accessing the VPN.
In addition, the connection request includes: the port number of the VPN client and the operation protocol type of the VPN client. Selecting the registered VPN server matched with the VPN client as an available VPN server according to the stored registration information specifically includes the following steps: acquiring the port number of the VPN client and the operation protocol type of the VPN client; and processing the registration information of each registered VPN server as follows: judging whether the registration information of the registered VPN server matches the port number of the VPN client and the operation protocol type of the VPN client; and if it matches, taking the registered VPN server as an available VPN server. Because different VPN clients have different port numbers and operation protocol types for accessing the VPN, the registered VPN server matched with the VPN client can be quickly selected by matching the port number and the operation protocol type of the VPN client respectively, and the speed of determining the available VPN server is improved.
In addition, before receiving the connection request sent by the virtual private network VPN client, the method for connecting a virtual private network further includes: receiving registration information sent by a VPN server, wherein the registration information of the VPN server includes a port number of the VPN server, an IP address of the VPN server and an operation protocol type of the VPN server; determining a registered VPN server according to the registration information of the VPN server; and storing the registration information of each registered VPN server. Not all received registration information of VPN servers is stored; only the registration information of the registered VPN servers is stored, so that the stored data volume can be reduced, and the subsequent determination speed of the available VPN server is further improved.
In addition, determining the registered VPN server according to the registration information of the VPN server includes: acquiring an IP address of a VPN server and an operation protocol type of the VPN server in the registration information; sending a specified detection packet to the IP address, wherein the operation protocol type of the specified detection packet is the same as the operation protocol type of the VPN server; and judging whether feedback information of the VPN server is received, and if so, taking the VPN server as a registered VPN server. A detection packet is sent to the VPN server to detect whether a port of the VPN server is available or whether a network of the VPN server is available; if the feedback information is received, it is determined that the port of the VPN server is available and the network is normal, and the VPN server is determined to be a registered VPN server, so that the registered VPN server can be determined quickly through the detection packet.
In addition, the connection method of the virtual private network further includes: re-determining the registered VPN server every first preset time period, and updating the stored registration information of the registered VPN server; and updating the network quality detection strategy every second preset time period. The registration information of the registered VPN server is updated regularly, so that it can be ensured that the network of each VPN server stored in the registration server is normal and its port is available; and the network quality detection strategy is updated regularly, so that the network quality detection strategy acquired by a subsequent VPN client is the latest one and is better suited to detecting the network quality.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention more apparent, embodiments of the present invention will be described in detail below with reference to the accompanying drawings. However, it will be appreciated by those of ordinary skill in the art that numerous technical details are set forth in order to provide a better understanding of the present application in various embodiments of the present invention. However, the technical solution claimed in the present application can be implemented without these technical details and various changes and modifications based on the following embodiments.
The following embodiments are divided for convenience of description, and should not constitute any limitation to the specific implementation manner of the present invention, and the embodiments may be mutually incorporated and referred to without contradiction.
The existing OpenVPN system includes a plurality of VPN servers to be connected, and connection information of the plurality of VPN servers is generally configured in a configuration file of the VPN client, for example, an IP address of the VPN server or domain name information of the VPN server. The VPN client tries to connect to the first VPN server in the configuration file according to the order of the connection information of the VPN servers in the configuration file, and if the connection to the first VPN server fails, tries to connect to the second VPN server according to that order, and so on until the connection to one VPN server succeeds. For example, the OpenVPN system has a structure as shown in fig. 1, where 2 VPN servers are configured in a configuration file of the VPN client, in the order VPN server 01 and VPN server 02; the VPN client then acquires the connection information of the 2 VPN servers in the configuration file, first tries to connect to VPN server 01, and if the connection fails, continues by trying to connect to VPN server 02. If the first connection to VPN server 01 succeeds, the VPN client and VPN server 01 perform data transmission. When a VPN server 03 (not shown in fig. 1) is added to the OpenVPN system, the configuration file of the VPN client needs to be updated in order to ensure that the VPN client successfully accesses the VPN. If the IP address of VPN server 02 changes, the configuration file of the VPN client needs to be updated or the domain name resolution record of the VPN server needs to be changed. As a result, changes to the VPN servers cannot be obtained quickly and the VPN system cannot be applied on a large scale.
A first embodiment of the present invention relates to a virtual private network connection method. The connection method of the virtual private network is applied to a registration server, and the registration server is respectively connected with a VPN client and a VPN server. The specific flow of the connection method of the virtual private network is shown in fig. 2.
Step 101: receiving a connection request sent by the virtual private network VPN client, wherein the connection request is used for requesting connection to a VPN server.
Specifically, a registration server is added, and the registration server is connected to the VPN client and the VPN server. The connection structure between the registration server, the VPN client and the VPN server is as shown in fig. 3, which includes a plurality of VPN clients and a plurality of VPN servers. A solid line in fig. 3 represents a communication connection between the VPN client and the VPN server, and a dotted line represents a communication connection between the VPN client and the registration server before the VPN client is connected to the VPN server. The number of VPN clients and the number of VPN servers may be set according to actual needs, and the present embodiment is not limited in this respect.
The configuration information in the configuration file of the VPN client may be connection information of the registration server, for example, an IP address of the registration server or domain name information of the registration server. When the VPN client needs to connect to a VPN server, the connection information of the registration server can be obtained from the configuration information of the VPN client, and a connection request can then be sent quickly to the registration server, wherein the connection request can include a port, an operation protocol type and the like of the VPN client. The operation protocol type is, for example, the TCP protocol or the UDP protocol. The registration server receives the connection request sent by the VPN client.
Step 102: returning the connection information of the available VPN server and a network quality detection strategy to the VPN client, wherein the network quality detection strategy is a strategy for detecting the network quality of the available VPN server. The VPN client selects a VPN server to be connected according to the network quality detection strategy.
Specifically, the registration server stores registration information of N registered VPN servers, wherein N is an integer greater than 0; that is, the registration information of one VPN server may be stored, and the registration information of a plurality of VPN servers may also be stored. The registration information for each registered VPN server includes: the port number of the registered VPN server, the IP address of the registered VPN server and the operation protocol type of the registered VPN server. It is understood that other information of the VPN server may also be stored, such as the bandwidth of the VPN server.
In one example, after receiving a connection request sent by a VPN client, all the stored registered VPN servers may be used as available VPN servers, and the registration information of the registered VPN servers may be used as the connection information of the available VPN servers. And returning the determined connection information of the available VPN service end to the VPN client.
In addition, the registration server further stores a network quality detection policy, where the network quality detection policy may be a calculation formula for calculating network quality of the VPN server, and the calculation formula may calculate the network quality of the VPN server based on a packet loss rate of the VPN server. The network quality detection strategy is stored in the registration server, so that after the network quality detection strategy is changed, the VPN client does not need to be changed, the network quality detection strategy acquired by the VPN client each time is the latest network quality detection strategy, and the accuracy of network quality detection is improved.
In another example, a registered VPN server matched with the VPN client may be selected as an available VPN server according to the stored registration information of the registered VPN server.
The connection information of the available VPN server includes an IP address of the available VPN server. The available VPN servers can be screened from the registered VPN servers according to the connection request, so that the returned connection information does not contain VPN servers that are unavailable to the VPN client, which increases the access speed of the VPN client. The connection request includes: the port number of the VPN client and the operation protocol type of the VPN client.
The specific process of selecting the registered VPN server matched with the VPN client as the available VPN server is as follows: acquiring the port number of the VPN client and the operation protocol type of the VPN client; and processing the registration information of each registered VPN server as follows: judging whether the registration information of the registered VPN server matches the port number of the VPN client and the operation protocol type of the VPN client; and if it matches, taking the registered VPN server as an available VPN server.
Specifically, the registration information of each registered VPN server can be judged in turn by traversal, in order to find the registration information that matches both the port number of the VPN client and the operation protocol type of the VPN client. The matched registered VPN server is used as an available VPN server, and the connection information of the available VPN server may include: the IP address of the available VPN server. For example, the registration server stores registration information of 3 registered VPN servers, namely registration information A, registration information B, and registration information C. It is determined whether registration information A matches the port number and the operation protocol type of the VPN client: if the port number in registration information A is the same as the port number of the VPN client and the operation protocol type in registration information A is the same as the operation protocol type of the VPN client, it is determined that registration information A matches the port number and the operation protocol type of the VPN client, and the registered VPN server corresponding to registration information A is taken as an available VPN server. If the port number in registration information B is the same as the port number of the VPN client but the operation protocol type in registration information B is different from the operation protocol type of the VPN client, it is determined that registration information B does not match the operation protocol type of the VPN client, and the registered VPN server corresponding to registration information B is not an available VPN server.
If the port number in registration information C is different from the port number of the VPN client and the operation protocol type in registration information C is the same as the operation protocol type of the VPN client, it is determined that registration information C does not match the port number of the VPN client, and the registered VPN server corresponding to registration information C is not an available VPN server.
After determining the available VPN server, the connection information of the available VPN server may be determined, for example, the IP address of the available VPN server is used as the connection information of the available VPN server.
The connection information of the available VPN server and the network quality detection strategy are returned to the VPN client. After receiving them, the VPN client detects the network quality of each available VPN server according to the network quality detection strategy, and selects the VPN server with the maximum network quality as the server to be connected. The network quality detection strategy can be a calculation formula based on the round trip time and the packet loss rate of an available VPN server; for example, the network quality detection strategy is a formula for calculating the network quality, that is, network quality = weight 1 × round trip time + packet loss rate × weight 2, where weight 1 and weight 2 are preset values.
Compared with the prior art, the embodiment of the invention has the advantages that the registration server returns the connection information of the available VPN server to the VPN client after receiving the connection request sent by the VPN client, and the connection information of the available VPN server is provided by the registration server instead of the configuration information in the client configuration file, so that the VPN client does not need to be updated even if IP addresses of available VPN servers are added, and the applicability of the VPN client is improved; in addition, the VPN client can select a VPN server to be connected according to a network quality detection strategy, and the network quality of the available VPN server can be determined through the network quality detection strategy, so that the selected VPN server can provide better network quality, the success rate of the VPN client accessing the VPN server is increased, and the network quality of the connection to the VPN server is improved.
A second embodiment of the present invention relates to a virtual private network connection method. The second embodiment is a further improvement of the first embodiment, and the main improvement is as follows: in the second embodiment of the present invention, registration information of the registered VPN server is stored before receiving a connection request transmitted from a virtual private network VPN client. A specific implementation of storing the registration information of the registered VPN server in the second embodiment is shown in fig. 4.
Step 201: receiving registration information sent by the VPN server, wherein the registration information of the VPN server includes a port number of the VPN server, an IP address of the VPN server and an operation protocol type of the VPN server.
Specifically, the registration server may receive, in real time, the registration information sent by the VPN server, where the number of the VPN server is 1 or multiple, and in this embodiment, the number of the VPN server is multiple. After the VPN server establishes a connection with the registration server, the VPN server may send registration information to the registration server.
Step 202: determining the registered VPN server according to the registration information of the VPN server.
In one example, the following processing is performed on the registration information of each VPN server: acquiring an IP address of a VPN server and an operation protocol type of the VPN server in the registration information; sending a specified detection packet to the IP address, wherein the operation protocol type of the specified detection packet is the same as the operation protocol type of the VPN server; and judging whether feedback information of the VPN server side is received or not, and if so, taking the VPN server side as a registered VPN server side.
Specifically, each detection packet supports different operation protocol types, and an operation protocol type corresponding to a VPN service end is determined by acquiring the operation protocol type of the VPN service end, wherein the operation protocol type of the specified detection packet is the same as the operation protocol type of the VPN service end. According to the IP address of the VPN server, sending a specified detection packet to the VPN server; and if the feedback information of the VPN service end is not received, the registration information of the VPN service end is not stored. The specified detection packet may be used to detect whether a port of the VPN server is available or whether a network of the VPN server is available.
Step 203: storing the registration information of the registered VPN server.
It can be understood that, in order to determine the accuracy of the registration information of the registered VPN server and the accuracy of the network quality detection policy, the registered VPN server may be determined again every first preset time period, and the stored registration information of the registered VPN server is updated; and updating the network quality detection strategy every second preset time.
Specifically, the first preset time period and the second preset time period may be set as needed, for example, the first preset time period may be 24 hours, and the second preset time period may be 1 month. For the network quality detection strategy, whether a new network quality detection strategy exists in the network can be checked every month, and if a new network quality detection strategy exists, the stored network quality detection strategy is updated to the latest one.
In the connection method of the virtual private network provided by the embodiment, since the registration information of the registered VPN server is stored instead of storing all the received registration information of the VPN server, the amount of stored data can be reduced, and the subsequent determination speed of the available VPN server is further increased; in addition, the registration information of the registered VPN server is updated regularly, so that the condition that the VPN server network stored in the registration server is normal and the port is available can be ensured; and updating the network quality detection strategy at regular time to ensure that the network quality detection strategy acquired by the subsequent VPN client is latest and better accords with the detection of the network quality.
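The registration-side flow of steps 201 to 203, the periodic re-determination, and the port and protocol matching of the first embodiment can be expressed as follows. This is an added Python example, not part of the patent text; the names Registry, Registration, tcp_probe and the probes mapping are assumptions of the example, and the addresses are constructed from the documentation range 192.0.2.0/24.

```python
import ipaddress
import socket
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class Registration:
    ip: str
    port: int
    protocol: str  # operation protocol type: "tcp" or "udp"


def tcp_probe(ip, port, timeout=2.0):
    """Detection packet for TCP servers: a completed handshake counts as feedback."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


class Registry:
    """Hypothetical registration server state; all names are this example's own."""

    def __init__(self, probes, refresh_after=24 * 3600, clock=time.time):
        self.probes = probes                # protocol -> probe(ip, port) -> bool
        self.refresh_after = refresh_after  # first preset time period (24 h on the page)
        self.clock = clock
        self._registered = {}               # Registration -> time of last feedback

    @staticmethod
    def _parse(ip, port, protocol):
        # Registration data arrives from the network: reject malformed fields.
        if not isinstance(ip, str) or not isinstance(protocol, str):
            raise ValueError("ip and protocol must be strings")
        if isinstance(port, bool) or not isinstance(port, int) or not 1 <= port <= 65535:
            raise ValueError("port out of range")
        return Registration(str(ipaddress.ip_address(ip)), port, protocol.lower())

    def register(self, ip, port, protocol):
        """Steps 201-203: store the entry only if the server answers the probe."""
        try:
            reg = self._parse(ip, port, protocol)
        except ValueError:
            return False
        probe = self.probes.get(reg.protocol)
        # No probe for this protocol type means the server cannot be verified.
        if probe is None or not probe(reg.ip, reg.port):
            self._registered.pop(reg, None)
            return False
        self._registered[reg] = self.clock()
        return True

    def refresh(self):
        """Re-determine entries whose last feedback is older than refresh_after."""
        now = self.clock()
        for reg, seen in list(self._registered.items()):
            if now - seen >= self.refresh_after:
                self.register(reg.ip, reg.port, reg.protocol)

    def available_for(self, client_port, client_protocol):
        """IPs of registered servers matching the client's port and protocol type."""
        wanted = str(client_protocol).lower()
        return sorted(r.ip for r in self._registered
                      if r.port == client_port and r.protocol == wanted)


def demo():
    # Constructed data: a fake probe table, so the example runs offline.
    reachable = {("192.0.2.10", 1194), ("192.0.2.11", 1194), ("192.0.2.12", 443)}
    fake = lambda ip, port: (ip, port) in reachable
    registry = Registry({"udp": fake, "tcp": fake})
    registry.register("192.0.2.10", 1194, "udp")  # A: port and protocol match
    registry.register("192.0.2.11", 1194, "tcp")  # B: protocol type differs
    registry.register("192.0.2.12", 443, "udp")   # C: port differs
    registry.register("192.0.2.13", 1194, "udp")  # no feedback: never stored
    return registry.available_for(1194, "udp")


if __name__ == "__main__":
    print(demo())
```

With real servers the probes mapping would hold tcp_probe for "tcp"; a UDP probe depends on the VPN protocol's own handshake and is left to the deployment.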
The steps of the above methods are divided for clarity, and the implementation may be combined into one step or split some steps, and the steps are divided into multiple steps, so long as the same logical relationship is included, which are all within the protection scope of the present patent; it is within the scope of the patent to add insignificant modifications to the algorithms or processes or to introduce insignificant design changes to the core design without changing the algorithms or processes.
A third embodiment of the present invention relates to a virtual private network connection method applied to a VPN client, and a specific flow of the virtual private network connection method is shown in fig. 5.
Step 301: a connection request is sent to the registration server.
Specifically, the VPN client is connected to a registration server, the registration server is connected to VPN servers, and the number of the VPN servers may be 1 or more. The configuration information of the configuration file at the VPN client may be connection information of the registry server, and the connection information may be an IP address of the registry server or domain name information of the registry server. And acquiring the connection information of the registration server in the configuration file, and sending a connection request to the registration server according to the connection information. The connection request includes: the port number of the VPN client and the running protocol type of the VPN client.
Step 302: receiving the connection information of the available VPN server and the network quality detection strategy returned by the registration server.
Specifically, the registration server receives the connection request and returns the connection information of the available VPN server and a network quality detection strategy. The network quality detection strategy is a strategy for detecting the network quality of the available VPN server, and may be, for example, a calculation formula for calculating the network quality: network quality = weight 1 × round trip time + packet loss rate × weight 2, where weight 1 and weight 2 are preset values.
Step 303: selecting a VPN server to be connected according to the network quality detection strategy, and connecting to it.
In one example, if the number of available VPN servers is multiple, selecting a VPN server to be connected to connect includes the following sub-steps, as shown in fig. 6.
Substep S31: determining the network quality of each available VPN server according to the network quality detection strategy.
In one example, the connection information of each available VPN server includes: IP address of available VPN service end; the following processing is carried out aiming at each available VPN service end: sending detection information to the available VPN server according to the IP address of the available VPN server; acquiring a round trip time value and a packet loss rate of an available VPN server; and calculating the network quality of the available VPN service end according to the network quality detection strategy, the round trip time value and the packet loss rate of the available VPN service end.
Specifically, the connection information of each available VPN server includes the IP address of the available VPN server, and each available VPN server is processed as follows: sending detection information to the VPN server, receiving the round trip time (rtt) and packet loss rate returned by the available VPN server, and determining the network quality of the available VPN server according to the rtt and the packet loss rate. For example, the network quality detection strategy is a formula for calculating the network quality, that is, network quality = weight 1 × round trip time + packet loss rate × weight 2, where weight 1 and weight 2 are preset values, so that the network quality of each available VPN server can be determined according to the formula.
Substep S32: ranking each available VPN server based on network quality.
Specifically, each available VPN server may be sorted based on network quality, for example, each available VPN server may be sorted in descending order of network quality, or each available VPN server may be sorted in ascending order of network quality.
Substep S33: selecting the available VPN server corresponding to the maximum network quality as the VPN server to be connected, and connecting to it.
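Substeps S31 to S33 on the client can be expressed as follows. This is an added Python example, not part of the patent text. It assumes the policy arrives as two numeric weights named weight1 and weight2 (hypothetical field names), that both weights are negative so that the maximum score selected on the page corresponds to the lowest round trip time and packet loss, and that a server answering no probe at all is excluded because its round trip time is undefined.

```python
import math
from statistics import mean


def parse_policy(policy):
    """Accept only two finite numeric weights.

    The policy comes from a remote server, so it is treated as data and is
    never evaluated as a formula string.
    """
    weights = []
    for key in ("weight1", "weight2"):
        w = policy.get(key) if isinstance(policy, dict) else None
        if isinstance(w, bool) or not isinstance(w, (int, float)) or not math.isfinite(w):
            raise ValueError(f"{key} must be a finite number")
        weights.append(float(w))
    return tuple(weights)


def measure(ip, send_probe, count=5):
    """Send `count` probes; return (mean RTT in ms, loss rate), or None if all were lost."""
    replies = [send_probe(ip) for _ in range(count)]
    rtts = [r for r in replies if r is not None]
    if not rtts:
        return None
    return mean(rtts), (count - len(rtts)) / count


def network_quality(rtt_ms, loss_rate, w1, w2):
    """network quality = weight 1 x round trip time + packet loss rate x weight 2."""
    return w1 * rtt_ms + loss_rate * w2


def rank_servers(ips, policy, send_probe, count=5):
    """S31 and S32: score each reachable server and sort by descending quality."""
    w1, w2 = parse_policy(policy)
    scored = []
    for ip in ips:
        result = measure(ip, send_probe, count)
        if result is None:
            continue  # no reply at all: cannot be scored, so not a candidate
        rtt_ms, loss_rate = result
        scored.append((network_quality(rtt_ms, loss_rate, w1, w2), ip))
    scored.sort(key=lambda item: (-item[0], item[1]))  # ties broken by address
    return scored


def select_server(ips, policy, send_probe, count=5):
    """S33: the server with the maximum network quality, or None if none replied."""
    ranked = rank_servers(ips, policy, send_probe, count)
    return ranked[0][1] if ranked else None


def demo():
    # Constructed probe results in milliseconds; None marks a lost probe.
    samples = {
        "192.0.2.10": [20.0, 22.0, 18.0, 20.0, 20.0],
        "192.0.2.11": [10.0, None, 10.0, None, 10.0],
        "192.0.2.12": [None] * 5,
    }
    replies = {ip: iter(values) for ip, values in samples.items()}
    send_probe = lambda ip: next(replies[ip])
    policy = {"weight1": -1.0, "weight2": -500.0}  # constructed weights
    return rank_servers(list(samples), policy, send_probe)


if __name__ == "__main__":
    for score, ip in demo():
        print(f"{ip}: {score:.1f}")
```

With positive weights the same formula grows as round trip time and loss grow, so selecting the maximum would pick the worst server; the sign of the preset weights has to agree with the selection rule.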
It should be understood that this embodiment is a system example corresponding to the first embodiment, and may be implemented in cooperation with the first embodiment. The related technical details mentioned in the first embodiment are still valid in this embodiment, and are not described herein again in order to reduce repetition. Accordingly, the related technical details mentioned in the present embodiment can also be applied to the first embodiment.
A fourth embodiment of the present invention relates to a server, and a specific configuration of the server 40 is as shown in fig. 7, and includes: at least one processor 401; and a memory 402 communicatively coupled to the at least one processor 401; the memory 402 stores instructions executable by the at least one processor 401, and the instructions are executed by the at least one processor 401, so that the at least one processor 401 can execute the connection method of the virtual private network according to the first embodiment or the second embodiment.
A fifth embodiment of the present invention relates to a client 50, and a specific configuration of the client 50 is as shown in fig. 8, and includes: at least one processor 501; and a memory 502 communicatively coupled to the at least one processor 501; the memory 502 stores instructions executable by the at least one processor 501, and the instructions are executed by the at least one processor 501 to enable the at least one processor 501 to execute the virtual private network connection method according to the third embodiment.
The memory and the processor in either the fourth or fifth embodiments are connected by a bus, which may include any number of interconnected buses and bridges that link various circuits of the memory and the processor or processors together. The bus may also link various other circuits such as peripherals, voltage regulators, power management circuits, and the like, which are well known in the art, and therefore, will not be described any further herein. A bus interface provides an interface between the bus and the transceiver. The transceiver may be one element or a plurality of elements, such as a plurality of receivers and transmitters, providing a means for communicating with various other apparatus over a transmission medium. The data processed by the processor is transmitted over a wireless medium via an antenna, which further receives the data and transmits the data to the processor.
The processor is responsible for managing the bus and general processing and may also provide various functions including timing, peripheral interfaces, voltage regulation, power management, and other control functions. And the memory may be used to store data used by the processor in performing operations.
A sixth embodiment of the present invention relates to a computer-readable storage medium storing a computer program which, when executed by a processor, implements the method for connecting a virtual private network according to the first or second embodiment.
A seventh embodiment of the present invention relates to a computer-readable storage medium storing a computer program which, when executed by a processor, implements the virtual private network connection method of the third embodiment.
Those skilled in the art can understand that all or part of the steps in the method of the foregoing embodiments may be implemented by a program to instruct related hardware, where the program is stored in a storage medium and includes several instructions to enable a device (which may be a single chip, a chip, etc.) or a processor (processor) to execute all or part of the steps of the method described in the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
It will be understood by those of ordinary skill in the art that the foregoing embodiments are specific examples for carrying out the invention, and that various changes in form and details may be made therein without departing from the spirit and scope of the invention in practice.